How to switch SAML from the primary to the secondary authentication method in the database

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

目的

In some cases it may be necessary to switch from using SAML as the primary authentication method, to using it as the secondary authentication method. This change makes it possible to use the standard login method and bypass the SAML redirection and authentication. This is particularly useful in lower environments such as staging, UAT, and development. 

Normally, this is done by going to  > General Configuration > SAML Authentication and simply selecting the desired role there. 

(info) This only applies to the built-in SAML SSO plugin in Confluence 6.1+

However, if a test environment was created from a clone of production, you may experience a problem with SAML where the redirect to the SAML IdP for authentication returns the client back to the production instance, instead of the new test instance.

ソリューション

  • Backup your new environment's database 
    • データベースの変更を行う場合は必ず事前にバックアップを取得してください。可能な場合は、まずステージング サーバーで SQL コマンドの変更、挿入、更新、または削除を行うようにします。

  • Connect to the Confluence database
  • Before making changes, confirm your current configuration is using the built-in SAML plugin as the primary authentication method:

    select * from bandana where bandanakey like 'com.atlassian.plugins.authentication.sso.config.redirect-on-login';
  • If SAML SSO is the primary authentication method, the above query will return a value of 'true' as this example shows: 

    select * from bandana where bandanakey like 'com.atlassian.plugins.authentication.sso.config.redirect-on-login';
     bandanaid | bandanacontext |                            bandanakey                             |      bandanavalue
    -----------+----------------+-------------------------------------------------------------------+------------------------
       1671204 | _GLOBAL        | com.atlassian.plugins.authentication.sso.config.redirect-on-login <string>true</string>
    (1 row)


    • A value of 'false' would indicate SAML SSO is being used as the secondary authentication method.

  • To switch SAML SSO from the primary to the secondary authentication method, execute the following SQL:  

    update bandana set bandanavalue = '<string>false</string>' where bandanakey like 'com.atlassian.plugins.authentication.sso.config.redirect-on-login';
  • Verify the change was implemented by running the following query (result should read 'false' as in the example below): 

    select * from bandana where bandanakey like 'com.atlassian.plugins.authentication.sso.config.redirect-on-login';
    
     bandanaid | bandanacontext |                            bandanakey                             |      bandanavalue
    -----------+----------------+-------------------------------------------------------------------+------------------------
       1671204 | _GLOBAL        | com.atlassian.plugins.authentication.sso.config.redirect-on-login | <string>false</string>
    (1 row)
  • Restart Confluence for the change to take effect

  • After the restart, you may now login to Confluence via the normal method of username/password


最終更新日 2021 年 9 月 17 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.